Is someone trying to hack my server?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
(Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207 user=root
Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11: [preauth]
Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


If someone is really trying to hack then is there something i can do about it?



Thank you very much!










share|improve this question







New contributor




Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



























    0















    So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
    (Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



    Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
    Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
    Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
    Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
    Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
    Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
    Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
    Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
    Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
    Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
    Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
    Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
    Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207 user=root
    Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
    Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11: [preauth]
    Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
    Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
    Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
    Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
    Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
    Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


    If someone is really trying to hack then is there something i can do about it?



    Thank you very much!










    share|improve this question







    New contributor




    Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0








      So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
      (Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



      Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
      Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
      Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
      Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
      Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
      Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
      Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
      Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
      Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
      Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
      Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207 user=root
      Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
      Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11: [preauth]
      Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


      If someone is really trying to hack then is there something i can do about it?



      Thank you very much!










      share|improve this question







      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      So I typed journalctl after ssh(ing) into the server and got the following output: (so is someone trying to hack system or is it from my side?)
      (Also note the timing says 5am? but most likely none of us login into system at that time? so it something from apache/ubuntu?)



      Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
      Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
      Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
      Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
      Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
      Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
      Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
      Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
      Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
      Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
      Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
      Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207 user=root
      Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
      Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11: [preauth]
      Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
      Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
      Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
      Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost


      If someone is really trying to hack then is there something i can do about it?



      Thank you very much!







      server ssh apache2 webserver hacking






      share|improve this question







      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 20 mins ago









      Muhammad UsmanMuhammad Usman

      1




      1




      New contributor




      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Muhammad Usman is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Yes, someone is actively trying to guess your root password.



          Some steps you can do to mitigate the possibility of you getting hacked:




          • Make sure your root password is long and unique.

          • Check that all your server's aplications and services are updated to
            the current version, and are regularly updated.

          • Install an intrusion prevention system. Fail2Ban is a very good one
            that will block IP attempts after X number of failed login attempts.

          • Reduce the number of IPs that are able to connect to your SSH server
            on your firewall, to your country/region and if possible, ISP. For
            example, if you live in US, you aren't going to login to your
            server from Rusia or China.

          • Hide your server IP behind a proxy service. Cloudflare is a great
            provider for that, and has free plans available.

          • Establish an email alert to notify you when someone logs in to the server.


          I'm sure there are other things you can do to harden your server, but this will be a good start.





          share
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });






            Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1139459%2fis-someone-trying-to-hack-my-server%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Yes, someone is actively trying to guess your root password.



            Some steps you can do to mitigate the possibility of you getting hacked:




            • Make sure your root password is long and unique.

            • Check that all your server's aplications and services are updated to
              the current version, and are regularly updated.

            • Install an intrusion prevention system. Fail2Ban is a very good one
              that will block IP attempts after X number of failed login attempts.

            • Reduce the number of IPs that are able to connect to your SSH server
              on your firewall, to your country/region and if possible, ISP. For
              example, if you live in US, you aren't going to login to your
              server from Rusia or China.

            • Hide your server IP behind a proxy service. Cloudflare is a great
              provider for that, and has free plans available.

            • Establish an email alert to notify you when someone logs in to the server.


            I'm sure there are other things you can do to harden your server, but this will be a good start.





            share




























              0














              Yes, someone is actively trying to guess your root password.



              Some steps you can do to mitigate the possibility of you getting hacked:




              • Make sure your root password is long and unique.

              • Check that all your server's aplications and services are updated to
                the current version, and are regularly updated.

              • Install an intrusion prevention system. Fail2Ban is a very good one
                that will block IP attempts after X number of failed login attempts.

              • Reduce the number of IPs that are able to connect to your SSH server
                on your firewall, to your country/region and if possible, ISP. For
                example, if you live in US, you aren't going to login to your
                server from Rusia or China.

              • Hide your server IP behind a proxy service. Cloudflare is a great
                provider for that, and has free plans available.

              • Establish an email alert to notify you when someone logs in to the server.


              I'm sure there are other things you can do to harden your server, but this will be a good start.





              share


























                0












                0








                0







                Yes, someone is actively trying to guess your root password.



                Some steps you can do to mitigate the possibility of you getting hacked:




                • Make sure your root password is long and unique.

                • Check that all your server's aplications and services are updated to
                  the current version, and are regularly updated.

                • Install an intrusion prevention system. Fail2Ban is a very good one
                  that will block IP attempts after X number of failed login attempts.

                • Reduce the number of IPs that are able to connect to your SSH server
                  on your firewall, to your country/region and if possible, ISP. For
                  example, if you live in US, you aren't going to login to your
                  server from Rusia or China.

                • Hide your server IP behind a proxy service. Cloudflare is a great
                  provider for that, and has free plans available.

                • Establish an email alert to notify you when someone logs in to the server.


                I'm sure there are other things you can do to harden your server, but this will be a good start.





                share













                Yes, someone is actively trying to guess your root password.



                Some steps you can do to mitigate the possibility of you getting hacked:




                • Make sure your root password is long and unique.

                • Check that all your server's aplications and services are updated to
                  the current version, and are regularly updated.

                • Install an intrusion prevention system. Fail2Ban is a very good one
                  that will block IP attempts after X number of failed login attempts.

                • Reduce the number of IPs that are able to connect to your SSH server
                  on your firewall, to your country/region and if possible, ISP. For
                  example, if you live in US, you aren't going to login to your
                  server from Rusia or China.

                • Hide your server IP behind a proxy service. Cloudflare is a great
                  provider for that, and has free plans available.

                • Establish an email alert to notify you when someone logs in to the server.


                I'm sure there are other things you can do to harden your server, but this will be a good start.






                share











                share


                share










                answered 4 mins ago









                Luis Alberto BarandiaranLuis Alberto Barandiaran

                113




                113






















                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.










                    draft saved

                    draft discarded


















                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.













                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.












                    Muhammad Usman is a new contributor. Be nice, and check out our Code of Conduct.
















                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1139459%2fis-someone-trying-to-hack-my-server%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    GameSpot

                    日野市

                    Tu-95轟炸機